From c82f0edb4cf88efb37a5403d3113674315ba5aa8 Mon Sep 17 00:00:00 2001 From: mmorozov Date: Thu, 27 Jul 2023 16:48:39 +0300 Subject: [PATCH 1/2] [PROXY-463] Add build support and CircleCI --- .circleci/config.yml | 75 +++++++++++++++++++++++++++++++++++ .circleci/setup-aws-config.sh | 26 ++++++++++++ .gitignore | 2 + docker-compose.yml | 15 ++++--- httpbin/helpers.py | 4 +- local/LOCAL.md | 26 ++++++++++++ ops/docker-login.sh | 3 ++ requirements.txt | 27 +++++++++++++ vgs.dockerfile | 17 ++++++++ 9 files changed, 188 insertions(+), 7 deletions(-) create mode 100644 .circleci/config.yml create mode 100755 .circleci/setup-aws-config.sh create mode 100644 local/LOCAL.md create mode 100755 ops/docker-login.sh create mode 100644 requirements.txt create mode 100644 vgs.dockerfile diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 00000000..bb054903 --- /dev/null +++ b/.circleci/config.yml @@ -0,0 +1,75 @@ +version: 2.1 + +job-defaults: &job-defaults + working_directory: &working_directory + ~/app + environment: + AWS_PROFILE: dev/vault + AWS_DEFAULT_REGION: us-west-2 + AWS_REGION: us-west-2 + AWS_ACCOUNT_ID: "883127560329" + +setup-env: &setup-env + run: + name: Setup ENV + command: | + ./.circleci/setup-aws-config.sh + +machine-setup: &machine-setup + machine: + image: ubuntu-2204:2023.07.2 + docker_layer_caching: true + +persist-workspace: &persist-workspace + persist_to_workspace: + root: . + paths: + - "*" + +attach-workspace: &attach-workspace + attach_workspace: + at: *working_directory + +jobs: + build: + <<: *machine-setup + <<: *job-defaults + steps: + - checkout + - <<: *setup-env + - run: APP_VERSION=${CIRCLE_TAG:-$CIRCLE_SHA1} docker-compose build httpbin + - <<: *persist-workspace + +# TODO: Here should be some test as well to verify that container is actually starting in the image and can respond to basic commands + + deploy-image: + <<: *machine-setup + <<: *job-defaults + steps: + - <<: *attach-workspace + - <<: *setup-env + - run: | + ./ops/docker-login.sh + docker-compose push httpbin + +workflows: + build-test-and-deploy: + jobs: + - build: + context: + - circleci + filters: + tags: + only: /.*/ + branches: + only: /.*/ + - deploy-image: + context: + - circleci + requires: + - build + filters: + tags: + only: /^\d+\.\d+\.\d+(?:-\w+){0,1}$/ + branches: + ignore: /.*/ diff --git a/.circleci/setup-aws-config.sh b/.circleci/setup-aws-config.sh new file mode 100755 index 00000000..b95dcdf2 --- /dev/null +++ b/.circleci/setup-aws-config.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +mkdir -p ~/.aws + +echo " +[default] +region = us-west-2 +aws_access_key_id=$AWS_ACCESS_KEY_ID +aws_secret_access_key=$AWS_SECRET_ACCESS_KEY +[dev/vault] +region = us-west-2 +role_arn = arn:aws:iam::883127560329:role/VGSStageDeploy +source_profile = default +[prod/vault] +region = us-east-1 +role_arn = arn:aws:iam::526682027428:role/VGSStageDeploy +source_profile = default +[prod/vault-eu] +region = eu-central-1 +role_arn = arn:aws:iam::526682027428:role/VGSStageDeploy +source_profile = default +[deploy] +region = us-east-1 +role_arn = arn:aws:iam::190066226418:role/VGSImageDeploy +source_profile = default +" >> ~/.aws/credentials diff --git a/.gitignore b/.gitignore index eac3867b..587e2e02 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,5 @@ dist/ *.egg-info *.swp .vscode/ +.idea +local/ diff --git a/docker-compose.yml b/docker-compose.yml index a7765f7b..77e5877c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,11 @@ -version: '2' +version: '3' + services: - httpbin: - build: '.' - ports: - - '80:80' \ No newline at end of file + + httpbin: + image: quay.io/verygoodsecurity/httpbin:${APP_VERSION:-latest} + build: + context: . + dockerfile: vgs.dockerfile + ports: + - '8000:8000' diff --git a/httpbin/helpers.py b/httpbin/helpers.py index b29e1835..716fe30f 100644 --- a/httpbin/helpers.py +++ b/httpbin/helpers.py @@ -218,9 +218,9 @@ def status_code(code): 307: redirect, 401: dict(headers={'WWW-Authenticate': 'Basic realm="Fake Realm"'}), 402: dict( - data='Fuck you, pay me!', + data='Client must make a payment to access the requested resource.', headers={ - 'x-more-info': 'http://vimeo.com/22053820' + 'x-more-info': 'https://www.rfc-editor.org/rfc/rfc9110.html#section-15.5.3' } ), 406: dict(data=json.dumps({ diff --git a/local/LOCAL.md b/local/LOCAL.md new file mode 100644 index 00000000..4b37d19c --- /dev/null +++ b/local/LOCAL.md @@ -0,0 +1,26 @@ + + +curl -X GET "https://quay.io/api/v1/repository/verygoodsecurity/httpbin/tag/?page=2" | jq + +```json +{ + "name": "production-0.1.27", + "reversion": false, + "start_ts": 1598610088, + "manifest_digest": "sha256:b37ccee7c2a645b3be17b360b7625fd1321ff528878431cb3e33008d7f512cc4", + "is_manifest_list": false, + "size": 167255693, + "last_modified": "Fri, 28 Aug 2020 10:21:28 -0000" +} +``` + +``` +#RUN apk --update add --no-cache \ +# g++=9.3.0 \ +# gcc=9.3.0 \ +# python3-dev=3.8.5 \ +# build-base=0.5 \ +# libffi-dev=3.3 \ +# musl-dev=1.1.24 \ +# git=2.26.2 +``` \ No newline at end of file diff --git a/ops/docker-login.sh b/ops/docker-login.sh new file mode 100755 index 00000000..4e6543ff --- /dev/null +++ b/ops/docker-login.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +docker login quay.io --username "$QUAY_DOCKER_LOGIN" --password "$QUAY_DOCKER_LOGIN_PASSWORD" diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 00000000..4980401e --- /dev/null +++ b/requirements.txt @@ -0,0 +1,27 @@ +attrs==20.1.0 +blinker==1.4 +brotlipy==0.7.0 +cffi==1.14.2 +click==7.1.2 +decorator==4.4.2 +flasgger==0.9.5 +Flask==1.1.2 +gevent==21.12.0 +greenlet==1.1.3 +gunicorn==20.0.4 +itsdangerous==1.1.0 +Jinja2==2.11.2 +jsonschema==3.2.0 +MarkupSafe==1.1.1 +mistune==0.8.4 +pip==20.2.2 +pycparser==2.20 +pyrsistent==0.16.0 +PyYAML==5.3.1 +raven==6.10.0 +setuptools==49.3.1 +six==1.15.0 +Werkzeug==1.0.1 +wheel==0.34.2 +zope.event==4.4 +zope.interface==5.1.0 diff --git a/vgs.dockerfile b/vgs.dockerfile new file mode 100644 index 00000000..01ef9915 --- /dev/null +++ b/vgs.dockerfile @@ -0,0 +1,17 @@ +FROM python:3.8-alpine + +RUN apk --update add --no-cache \ + gcc \ + python3-dev \ + build-base \ + libffi-dev \ + musl-dev \ + git + +COPY . /httpbin/ +WORKDIR /httpbin +RUN pip install -r requirements.txt + +EXPOSE 8000 + +CMD ["gunicorn", "-b", "0.0.0.0:8000", "-w", "4", "-k", "gevent", "httpbin:app"] \ No newline at end of file From 11f33aeb8ffee9447e6cd6f4536c01830d765dfd Mon Sep 17 00:00:00 2001 From: mmorozov Date: Thu, 27 Jul 2023 17:09:02 +0300 Subject: [PATCH 2/2] [PROXY-463] Clean up --- .circleci/config.yml | 8 -------- .circleci/setup-aws-config.sh | 26 -------------------------- .gitignore | 1 - local/LOCAL.md | 26 -------------------------- vgs.dockerfile | 2 +- 5 files changed, 1 insertion(+), 62 deletions(-) delete mode 100755 .circleci/setup-aws-config.sh delete mode 100644 local/LOCAL.md diff --git a/.circleci/config.yml b/.circleci/config.yml index bb054903..366da01e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,12 +9,6 @@ job-defaults: &job-defaults AWS_REGION: us-west-2 AWS_ACCOUNT_ID: "883127560329" -setup-env: &setup-env - run: - name: Setup ENV - command: | - ./.circleci/setup-aws-config.sh - machine-setup: &machine-setup machine: image: ubuntu-2204:2023.07.2 @@ -36,7 +30,6 @@ jobs: <<: *job-defaults steps: - checkout - - <<: *setup-env - run: APP_VERSION=${CIRCLE_TAG:-$CIRCLE_SHA1} docker-compose build httpbin - <<: *persist-workspace @@ -47,7 +40,6 @@ jobs: <<: *job-defaults steps: - <<: *attach-workspace - - <<: *setup-env - run: | ./ops/docker-login.sh docker-compose push httpbin diff --git a/.circleci/setup-aws-config.sh b/.circleci/setup-aws-config.sh deleted file mode 100755 index b95dcdf2..00000000 --- a/.circleci/setup-aws-config.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash - -mkdir -p ~/.aws - -echo " -[default] -region = us-west-2 -aws_access_key_id=$AWS_ACCESS_KEY_ID -aws_secret_access_key=$AWS_SECRET_ACCESS_KEY -[dev/vault] -region = us-west-2 -role_arn = arn:aws:iam::883127560329:role/VGSStageDeploy -source_profile = default -[prod/vault] -region = us-east-1 -role_arn = arn:aws:iam::526682027428:role/VGSStageDeploy -source_profile = default -[prod/vault-eu] -region = eu-central-1 -role_arn = arn:aws:iam::526682027428:role/VGSStageDeploy -source_profile = default -[deploy] -region = us-east-1 -role_arn = arn:aws:iam::190066226418:role/VGSImageDeploy -source_profile = default -" >> ~/.aws/credentials diff --git a/.gitignore b/.gitignore index 587e2e02..1911764c 100644 --- a/.gitignore +++ b/.gitignore @@ -10,4 +10,3 @@ dist/ *.swp .vscode/ .idea -local/ diff --git a/local/LOCAL.md b/local/LOCAL.md deleted file mode 100644 index 4b37d19c..00000000 --- a/local/LOCAL.md +++ /dev/null @@ -1,26 +0,0 @@ - - -curl -X GET "https://quay.io/api/v1/repository/verygoodsecurity/httpbin/tag/?page=2" | jq - -```json -{ - "name": "production-0.1.27", - "reversion": false, - "start_ts": 1598610088, - "manifest_digest": "sha256:b37ccee7c2a645b3be17b360b7625fd1321ff528878431cb3e33008d7f512cc4", - "is_manifest_list": false, - "size": 167255693, - "last_modified": "Fri, 28 Aug 2020 10:21:28 -0000" -} -``` - -``` -#RUN apk --update add --no-cache \ -# g++=9.3.0 \ -# gcc=9.3.0 \ -# python3-dev=3.8.5 \ -# build-base=0.5 \ -# libffi-dev=3.3 \ -# musl-dev=1.1.24 \ -# git=2.26.2 -``` \ No newline at end of file diff --git a/vgs.dockerfile b/vgs.dockerfile index 01ef9915..69742569 100644 --- a/vgs.dockerfile +++ b/vgs.dockerfile @@ -14,4 +14,4 @@ RUN pip install -r requirements.txt EXPOSE 8000 -CMD ["gunicorn", "-b", "0.0.0.0:8000", "-w", "4", "-k", "gevent", "httpbin:app"] \ No newline at end of file +CMD ["gunicorn", "-b", "0.0.0.0:8000", "-w", "4", "-k", "gevent", "httpbin:app"]